Following uproar from developers and netizens over proposed changes to Chrome that threaten to break content and ad blockers, and knacker other browser extensions, Google software engineer Devlin Cronin has offered reassurance that the plans aren't set in stone.
"This design is still in a draft state, and will likely change," …

Stop adblocking to protect me ?

Bullshit. Adblocking is what protects me. That, and NoScript.

You want me to resume seeing ads ? Fine, I have a solution for you : create an ad language that does not include popups or popunders, flashing gifs, access to my hard disks or RAM, or any sort of metacommands whatsoever. Show an image, place text on it, and then FUCK OFF.

Make ads conform to that and I will need no adblocker. Until you do (aka hell freezes over), I will use a browser that allows me to block ads and control JavaScript.

Re: Stop adblocking to protect me ?

Precisely.

In particular, the egregious use/abuse of javascript by meta-ad providers seeking all sorts of "cleverness" for their Metrics etc. brings browsers to their knees if you have more than a handful of windows open. And then your entire machine grinds to a halt.

You can watch your CPU idling on 5% and no disk activity, while your mouse is frozen and occasional little bursts of alterations/movement happen on any visible browser windows.

Ads I don't have a problem with -- every site needs to feed itself. Hijacking my machine and turning it into an expensive plastic brick I DO have a problem with.

My newspaper has ads. This in no way prevents me reading it, nor does it prevent me from writing a letter or getting a document out of the filing cabinet and reading it ; I am not glued motionless to my chair. The same is not true on my computer if I use the "modern"-ad-supported web: all normal activity is periodically crippled or even suspended.

Re: Fine, I have a solution for you

Simpler solution.

Chrome, uninstall.

Exactly. Although it probably won't affect me much. I'll just continue to use Waterfox as I always have been. And for entertainment I'll continue sending nastygrams to websites that fail to work under Firefox/Waterfox.

World's biggest slinger of ads wants to hamstring most adblockers. Not suspicious at all.

If Google are doing this, as they claim, to try and limit rogue extensions, then I'm calling bullshit. Yes, rogue extensions are an issue but the browser providers then need to do a better job of keeping their stores clean, as Google claims to do with their app store.

As an aside, almost every app on my Android phone that I have concerns over regarding excessive permissions is an Android system app. I would love someone at Google to explain to me why every time I get a phone call (yes, those are still a thing) the Play Services app pops up a warning telling me that it can't function without access to my contacts, calendar, location and pretty much everything else.

Perhaps Google could explain

Exactly how that specific API that is used by privacy enhancing extensions is being misused by rogue developers? If they cannot offer any reasonable explanation for this, then their motives become clear.

My Machine, I Decide What Runs

Metal poisoning

I have not used Chrome in years. Though I do use Chromium-based Opera and Vivaldi. They have operated well, where Chrome didn't. The scary change seems to be targeted at Chromium, so I wonder to what extent Opera and Vivaldi will be able to go against the flow, and to what extent they will go against the flow.

welp....

back to Firefox until if/when they fuck it up.

On a more seriousish note, I wonder if this will inspire more DIY setups among those of us who are technically inclined. Considering that you largely cannot trust anything that you haven't put together yourself.

I am, of course, not talking about handcrafting your own firewall from only artisanal bits on the finest of organic silicon, but more of a pfSense on a pi lovingly shoved into our own and acquaintances' networks. The purpose of course being to starve the beast just enough to get it to correct its attitude.

Re: welp....

Sorry, but do you seriously rely on the sufficiently "technically inclined" to "starve the beast"?

Out of the many millions of people using the Internet, how many are capable (and willing!) to build and maintain a DIY filter on their home networks? Not everyone using a browser is a seasoned network admin.

Besides, installing and maintaining a filtering Pi on all their friends' and relatives' homes might become a full time job for the 1% who can actually do it... IMHO some will do it, most won't, at least not for long.

Re: welp....

Unfortunately, this is exactly the problem. I have such a filter on my network. I'd like to install that on my parents' network. One of the aforementioned parents actually wants that, because they do not like ads. However, I haven't done it. The reason: I do not live close to their house, so when they find a way for the system not to work, I'll have to do over-the-phone tech support to instruct a technically-unaware person how to fix an embedded Linux system. You may say that the system would be able to handle most error conditions, and on that you would be right. I don't doubt that it could probably fix itself on most unusual network activity. Unfortunately, these would be some scenarios under which it wouldn't be so capable:

1. Someone pulls the power on it, and doesn't recognize that.

2. Someone needs an SD card, and removes the one running the pi (yes, I do think someone would do that. I have a specific person in mind.)

3. Someone disconnects power at an inopportune time, and the SD card is corrupted. The other version of this is that power fails but something went wrong and the SD card was corrupted anyway.

4. Something goes wrong with their home network, and the technically unaware choose to use the reset button under the theory that that will fix their problem (they have done this before, thankfully I had a backup config for the device from when I set it up the first time).

5. They want to administer their own system, and ask me for the access. It is their network, so I'd have to give them access. I would then be kept up at night answering questions about whatever they used their access to break.

You might respond that this shouldn't stop me, because even if the device breaks, they're no worse off than they are now. Unfortunately, the history of managing those systems says otherwise. Every time something stops working, even though I didn't have anything to do with the problem or in some cases set it up, they will complain to me. These are the people who refuse to use a Linux machine, even as a backup. They may ask me to assist with a problem, but they will also take advice I give and do the things I exhorted them not to do. For example, one of them strongly dislikes Google and complains about them, yet continues to use Chrome, Google search, and gmail. You figure that out; I have told them about Firefox, duckduckgo, and for that matter ad-blocking extensions multiple times. This is a quagmire I don't need to walk into.

Re: welp....

I live with another family and the situation is exactly the same. I've set up my own VPN'ed channel into the cable router and everything I do is invisible to them and they are equally invisible to me. Took awhile but I did finally convince them that I know nearly nothing about Windows 10. I'm keeping the fact that Server 2016 and 10 do share some similarities to myself. Having no cell phones in my life keeps me out of trouble in that regard. It's pretty much self-preservation now.

[No one, after they take one look at any of my computers, even the Windows ones, wants to use one of mine. Bizarre is a good start on their desktops.]

Re: welp....

"The reason: I do not live close to their house, so when they find a way for the system not to work, I'll have to do over-the-phone tech support to instruct a technically-unaware person how to fix an embedded Linux system."

Tools like OpenVPN (allowing you to remove an open SSH port) or perhaps Teamviewer (locked down as tight as you can, perhaps starting/stopping on a schedule) might be a bit of an aid there, but that doesn't solve the other issues.

I recently put a Pi into operation at a certain place, and to stop SD card tampering it's in a box with some other nasty looking electronics. The fact that they do nothing is only known to me, the look is the key and that'll keep prying hands well away (I should've had one of the larger caps charged, as a backup in case prying hands got tempted anyway). Putting network gear away into a roofspace or closet can help a lot, especially if the wifi router they can access is secondary to the network and behind the pi etc so you can get in remotely.

But still there are those people for whom that setup will only last but a day. For those cases I provided the number of a 'helpful friend'. Not someone I wanted bothering me so I figured I'd solve a couple of issues, the "friend's" insistence on trying to contact me and the rellies' insistence on hands-on knowledge of things of which I said "It's working perfectly now, don't touch". (They break it, I'm too far away and too busy to fix it, so they have to deal with Jim - and, well, Jim's great in rare short doses.)

Re: welp....

Sadly, no. There are not enough of the technically inclined that even care enough to "starve the beast". This is more a dream of the people taking back what they shouldn't really have provided in the first place. I am guilty of that as well since Chrome ran Gmail and youtube well, I said fuck it. For myself, I am going to try to unfuck it.

Re: welp....

"Besides, installing and maintaining a filtering Pi on all their friends' and relatives' homes might become a full time job for the 1% who can actually do it... IMHO some will do it, most won't, at least not for long."

There's a couple of solutions to that.

One, make the system sufficiently self-maintaining and simple to fix (perhaps using your own form of repository system). This can reduce the actual amount of time needed per person to a few minutes a month, maybe less.

Another - constantly berate your family and friends for how stupid they are and how little they value your time, how much more superior you are to them. Remind them you're so busy you don't even have time for a weekly shower (try seaweed juice (the stuff you put on plants) dabbed on your clothing for the odoriferous effect without the lack of hygiene), and you're there only because you cannot tolerate such worthless idiots accessing the internet without someone much more skilled there to take responsibility for watching over their actions and making sure they don't hurt themselves, like a parent should watch a 2-year-old. Thus guaranteeing you will have few people to worry about!

Re: welp....

"Another - constantly berate your family and friends for how stupid they are and how little they value your time, [...] and you're there only because you cannot tolerate such worthless idiots accessing the internet without someone much more skilled there to take responsibility for watching over their actions [...] [t]hus guaranteeing you will have few people to worry about!"

Thanks for the suggestion. I think that sounds like a wonderful alternative to just not doing it and letting them decide whether they want the system.

If you think that is the attitude that we have, you are not getting the point of our posts. We are not saying that people lack the responsibility to run technology or use the internet. We are saying that some of them lack the knowledge necessary to maintain a self-run DNS server to block hosts themselves and possess other attributes that make support more difficult. Take my post, where I stated that my parents might easily manage to disable such a system in a way that would make it difficult. This is not because my parents have any specific problems. I greatly respect them, and there are many things they can do very well that I cannot do well at all. Unfortunately, Linux administration is not one of those things.

It is not because they disrespect me or my work that this would be problematic; it is because it is complex and I don't need to spend the large amount of time that I predict support will require. If I lived close to them, where I could quickly come over and repair anything, I would likely set it up if they requested. If I could be assured that there would be no hardware interference, I would also set it up. The reality, however, is that the system would probably be interfered with, and I would either have to spend a much longer time repairing it than it would take if I could do so myself, or the users would have to put up with the system being down for a longer time. That does not provide enough benefits to the user or to me as support for the system in that situation to be worthwhile.

Re: welp....

Bear in mind that something else google (and others) want to do For Our Protection is bypass system DNS and have chrome talk to DNS servers directly over HTTPS:

https://developers.google.com/speed/public-dns/docs/dns-over-https

https://en.wikipedia.org/wiki/DNS_over_HTTPS

There are legitimate reasons for wanting to pass DNS queries in encrypted form, but this will also have the effect of neutering DNS-based ad blocking solutions external to the browser such as pi-hole or pfBlockNG - your browser will only talk to the DNS servers it's configured to talk to. It will also make it much harder to see what DNS traffic is occurring - you would essentially need a browser API to be able to do that directly, as I suspect any implementation would fail if it detected any attempts to MitM the SSL (so you couldn't intercept the DNS by spoofing an 8.8.8.8 on your local network for example since it wouldn't have the requisite google cert).

Re: welp....

When I was doing front-line stuff one of the things we looked for on a suspect machine was who it was talking to, and logging DNS queries helped, as did logging which IPs they tried to talk to.

Most of the time it was stuff like Win7 getting stuck talking to update servers or AV software innocently (yet annoyingly) using up resources, or other simple harmless oddities. But at times we could see stuff going on that would point us to a bit of malware that had somehow escaped notice or detection, and of course traffic NOT going through our DNS server told us of things amiss.

Thanks Google, yet another tool for security, minor as it may be, now going thanks to your desire to rain more ads on people already saturated.
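Added example, not part of the comment above: a small Python sketch of the check that comment describes, flagging clients whose name resolution does not go through the local DNS server, extended to also mark DNS-over-TLS and likely DNS-over-HTTPS flows. The flow-log format, the resolver address 192.168.1.2 and the short resolver list are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the single resolver clients on this network are meant to use.
INTERNAL_RESOLVER = ipaddress.ip_address("192.168.1.2")

# Assumption: a short hand-maintained list of public resolvers that also
# answer DNS over HTTPS on TCP/443. A real deployment needs a maintained list.
KNOWN_DOH_RESOLVERS = {
    ipaddress.ip_address(a)
    for a in ("8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9")
}

# Constructed sample flow log, one flow per line: "time src dst proto dport".
SAMPLE_FLOWS = """\
2019-01-24T09:00:01 192.168.1.10 192.168.1.2 udp 53
2019-01-24T09:00:02 192.168.1.10 93.184.216.34 tcp 443
2019-01-24T09:00:05 192.168.1.23 8.8.8.8 udp 53
2019-01-24T09:00:07 192.168.1.31 8.8.8.8 tcp 443
2019-01-24T09:00:09 192.168.1.31 1.1.1.1 tcp 853
this line is malformed
2019-01-24T09:00:11 192.168.1.2 9.9.9.9 udp 53
"""


def parse_flow(line):
    """Return (src, dst, proto, dport) or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[2])
        dport = int(parts[4])
    except ValueError:
        return None
    return src, dst, parts[3].lower(), dport


def classify(src, dst, proto, dport):
    """Name the way a flow sidesteps the internal resolver, or return None."""
    if src == INTERNAL_RESOLVER:
        return None  # the resolver forwarding upstream is expected traffic
    if dport == 53 and dst != INTERNAL_RESOLVER:
        return "plain-dns-bypass"
    if proto == "tcp" and dport == 853:
        return "dot"  # DNS over TLS: encrypted, never seen by our query log
    if proto == "tcp" and dport == 443 and dst in KNOWN_DOH_RESOLVERS:
        # Only "possible": an IP match cannot tell DoH from other HTTPS.
        return "possible-doh"
    return None


def find_bypass(log_text):
    """Return ({client: sorted [(reason, dst)]}, count of unparseable lines)."""
    hits, skipped = defaultdict(set), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow is None:
            skipped += 1
            continue
        reason = classify(*flow)
        if reason:
            hits[str(flow[0])].add((reason, str(flow[1])))
    return {src: sorted(found) for src, found in hits.items()}, skipped


if __name__ == "__main__":
    findings, skipped = find_bypass(SAMPLE_FLOWS)
    for client, found in sorted(findings.items()):
        print(client, found)
    print("unparseable lines:", skipped)
```

Run against real flow data, the "possible-doh" hits are the ones that need follow-up, since the resolver's own query log will show nothing for those clients.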

Coming on the heels of a recent decision by a "well-beloved corporation," did Microsoft have any input on this? Perhaps a prodding one? I was already wondering that before I hit this article. Probably nothing.

"Coming on the heels of a recent decision by a 'well-beloved corporation,' did Microsoft have any input on this? Perhaps a prodding one? I was already wondering that before I hit this article. Probably nothing."

I would doubt it. Not for any reasons of trust in Microsoft, but if Microsoft wanted this change as well Google would have made sure the world knew about it so that the ensuing shit storm would hit them too.

commit suicide if you want...

I'm not screaming bloody murder. I don't mind because there are lots of options on lots of levels to do what I want. Think I need your revised extension system? Wrong. Think your browser marketshare is secure? Wrong. Think I'm going to waste more time submitting bug reports or trying to convince you of anything? Wrong.

Google doing this might actually HELP Chrome dominate

Website owners don't like people blocking ads, and since Chrome already has a dominant browser share website owners simply have to design their sites for Chrome and stop caring how they look using Firefox or Safari, on the assumption that most people using those browsers are "freeloaders".

Re: Google doing this might actually HELP Chrome dominate

I've watched many large sites rise and suddenly fall, as if they're on the Simpson's escalator to nowhere.

I've seen the same for software, with browsers for example. Not too long back Chrome was unknown and another had an unassailable lead. But that browser fell out of favour, and Chrome swallowed up the ground seemingly overnight.

When people get sick of very annoying ads and not being able to manage other content in a convenient fashion, Chrome will no longer be convenient to use. Others are waiting in the wings, watching the mistakes of the big leaders and biding their time. Customer laziness only protects you for so long.

Re: Google doing this might actually HELP Chrome dominate

The problem with the analogy is that Google used a number of avenues to promote Chrome that alternatives just don't have - avenues such as getting companies offering free downloads to bundle it with their software, advertising it on one of the most trafficked web pages in the world, etc. It also got a massive, lightning-in-a-bottle boost when other large sites pushed it hard due to the newly-appointed Mozilla CEO having donated to a PAC in favor of traditional marriage years before he took the helm.

As it stands, almost all the competitors have nothing but word-of-mouth to spread by - and most of those are still Chromium skins. The few exceptions are Firefox forks, but their userbase tends to be disgruntled Firefox users; converting Chrome users isn't typical. We might see this monoculture broken, but HTML5 has allowed it to embed itself much deeper than IE6 did.

Alternatives with support for `--app`?

I use Firefox for browsing and research but I do have a build of an ungoogled fork of Chromium sitting in a folder just because of the `--app` command-line switch. It has uBlock Origin installed (an extension that I consider mandatory, these days) and I use `--app` to launch a tonne of sites as "applications" without having to install any local software.

For example, I have shortcuts for Slack, Skype (web), Trello, Spotify, our corporate Jenkins and GitLab instances. Each shortcut is pinned to my Windows taskbar and that gives me close enough to a native experience: separate windows, without address bars and toolbars, all in the alt-tab carousel.

Without --app, these would all be lost in amongst the mess of tabs in my browser!

--app is grand because it means you can have a sufficiently application-like experience without another piece of bloat installed and automatically phoning home and updating itself, along with its inevitable security holes. Want to "uninstall" something? Simply delete the shortcut that launches it. In the future, with PWAs, I can imagine that --app will only become more useful.

I guess that this change will affect all the Chromium offspring. Sadly, probably that includes Vivaldi, even. So... is there anything that's NOT Chromium-based that provides something like Chromium's --app mode? (Would be great if Firefox would add that! I would only need one browser installed.)

Re: There is always the old fashioned way

"Not much they can do about that one...."

They can implement their own DNS client in Chromium/Chrome instead of using the one from the OS. This can then ignore the "/etc/hosts (or whatever it is on your O/S)" and always resolve anything google.com. They can even decide to encrypt it so a network based filter cannot interfere with google.com host name resolution.

Re: There is always the old fashioned way

You could theoretically run your own DNS system that periodically checks all the domains you don't want, and then modifies your firewall to block any address that shows up. However, the better response should they prevent normal DNS is to stop using the thing.

Embrace, extend, and extinguish

Google has succeeded where Microsoft failed, Google now has effective control over the internet, they will continue to use the dominance of their websites and Android to cripple the performance and compatibility of competing browsers on their platforms. They will continue to spam anybody visiting their sites that Chrome is the solution to all the browser performance issues.

That's me out then. Most of the time I re-visit my own code I spend hours staring at a line wondering "WTF does this do????"

Where other coders are concerned? Furgeddaboutit!

(BTW, I cannot change the flow of time simply by slapping my car into reverse - at least not without some minor changes to the engine. Please stop using the marketfreak newspeak "moving forward" phrase in place of the more appropriate "in the future" or similar terms! The article writer may be a yank and thus somewhat linguistically-challenged, but El Reg should be better than this coming from ol' Blighty!)

I suspect there has been some dabbling in the code already. On two installations of Opera X64, scriptsafe has become decidedly flaky - letting stuff through that it has previously blocked with a message saying something along the lines of 'Scriptsafe has recently been reloaded'.... I was exclusively using PaleMoon but that has become increasingly clunky and has broken some addins - particularly NoScript. Opera also takes a dog's age to load & invades RAM like the Germans did with France (in common with other Chromium variants). Since this announcement and using Googly derived products not sitting at all well with me, I've moved back to Firefox ESR, aside from the lack of migration help, it's fine. Loads faster, no fuckaroundery with addins and crucially (as far as I'm aware) no googlyness involved.